CN102868534A - RFID (Radio Frequency Identification) safety certification method based on two-deck searching - Google Patents


Info

Publication number: CN102868534A
Authority: CN (China)
Legal status: Granted
Application number: CN2012103427777A
Other languages: Chinese (zh)
Other versions: CN102868534B (en)
Inventors: 庞辽军, 何利伟, 李慧贤
Current Assignee: Northwestern Polytechnical University; Xidian University
Original Assignee: Northwestern Polytechnical University; Xidian University
Application filed by Northwestern Polytechnical University, Xidian University
Priority to CN201210342777.7A
Publication of CN102868534A
Application granted
Publication of CN102868534B
Expired - Fee Related


Abstract

The invention discloses an RFID (Radio Frequency Identification) security authentication method based on two-layer search, which solves the technical problem of poor security in existing RFID security authentication methods. The technical scheme is as follows: the server uses a two-layer search when it retrieves tag information from the database. Specifically, the tag information is first filtered with a simple CRC (Cyclic Redundancy Check) function and then located exactly with a PRNG (pseudo-random number generator) function. The method effectively protects the privacy of RFID tags and improves the security of RFID authentication.

Description

RFID security authentication method based on two-layer search
Technical field
The present invention relates to a radio frequency identification (hereinafter RFID) security authentication method, and in particular to an RFID security authentication method based on two-layer search.
Background
In an RFID system, the reader and the tag communicate wirelessly by radio-frequency signals, which makes the system very easy to attack in various ways. Security has therefore become one of the main challenges facing the widespread use of RFID technology.
The document "A Lightweight Authentication Protocol for Low-Cost RFID. Journal of Signal Processing Systems 2010; 59(1): 95-102" designs a lightweight RFID authentication protocol. The main operations on the reader and the tag are the cyclic redundancy check (CRC), a pseudo-random number generator (PRNG) and bitwise exclusive-or (XOR), so computation is simple, meets the lightweight requirements of low-cost RFID authentication protocols, and has a certain performance advantage. In that method an index number is introduced so that, after receiving the request packet sent by the reader, the server can compare it with the tag records in the database and quickly decide whether the target tag has a record in the database. To counter the tracking attack that a static index number would allow, the tag must update its index number after each successful authentication of the reader. However, the method has a security problem. If an attacker blocks the reader's response message by an active attack such as interception, the tag does not update its index number. Because the server stores both the current and the previous index number, the next authentication is not affected. Therefore, across two consecutive successful authentications, the attacker can obtain the index number by eavesdropping on the communication channel between the reader and the tag, and thereby successfully track the tag. In practical applications (such as identity cards) this attack causes serious privacy problems.
Summary of the invention
To overcome the poor security of existing RFID security authentication methods, the invention provides an RFID security authentication method based on two-layer search. When the server retrieves tag information from the database it uses a two-layer search: the tag information is first filtered with a simple CRC function and then located exactly with the PRNG function. This effectively protects the privacy of RFID tags and improves the security of RFID authentication.
The technical solution adopted by the present invention is an RFID security authentication method based on two-layer search, characterized by comprising the following steps:
Step 1: Reader R generates a random number $r_1$, constructs the reader query packet and sends it to tag T. The reader query packet contains only the random number $r_1$.
Step 2: After receiving the reader query packet sent by reader R, tag T generates a random number $r_2$ and computes $CRC((x \oplus SID) \| r_1 \| r_2)$ and $PRNG(x \| r_1 \| r_2 \| SID)$. Let $m_1$ and $m_2$ be the first half and second half of $CRC((x \oplus SID) \| r_1 \| r_2)$, and let $n_1$ and $n_2$ be the first half and second half of $PRNG(x \| r_1 \| r_2 \| SID)$. Here $x$ is the shared key stored in the tag and $SID$ is the tag's password identifier stored in the tag. Finally, tag T constructs the tag response packet and sends it to reader R. The tag response packet contains the random number $r_2$, $m_1$ and $n_1$.
Step 3: After receiving the tag response packet sent by tag T, reader R constructs the reader request packet and passes it to server S. The reader request packet contains $r_1$, $r_2$, $m_1$ and $n_1$.
Step 4: After receiving the reader request packet sent by reader R, server S performs the following operations:
4.1 Let $i = 1$; go to 4.2.
4.2 Let $x_i = x_{inew}$ and compute $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$. Let $m_1'$ and $m_2'$ be the first half and second half of $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$, and check whether $m_1' = m_1$ holds, where $m_1$ is the value of $m_1$ in the reader request packet. If it holds, go to 4.3; otherwise go to 4.4.
4.3 Compute $PRNG(x_i \| r_1 \| r_2 \| SID_i)$. Let $n_1'$ and $n_2'$ be the first half and second half of $PRNG(x_i \| r_1 \| r_2 \| SID_i)$, and check whether $n_1' = n_1$ holds, where $n_1$ is the value of $n_1$ in the reader request packet. If it holds, go to 4.6; otherwise go to 4.4.
4.4 Let $x_i = x_{iold}$ and compute $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$. Let $m_1'$ and $m_2'$ be the first half and second half of $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$, and check whether $m_1' = m_1$ holds. If it holds, go to 4.5. If it does not hold, let $i = i + 1$ and check whether $i$ is not greater than $N$. If $i$ is not greater than $N$, go to 4.2; otherwise authentication fails and the protocol exits.
4.5 Compute $PRNG(x_i \| r_1 \| r_2 \| SID_i)$. Let $n_1'$ and $n_2'$ be the first half and second half of $PRNG(x_i \| r_1 \| r_2 \| SID_i)$, and check whether $n_1' = n_1$ holds, where $n_1$ is the value of $n_1$ in the reader request packet. If it holds, go to 4.6. Otherwise let $i = i + 1$ and check whether $i$ is not greater than $N$. If $i$ is not greater than $N$, go to 4.2; otherwise authentication fails and the protocol exits.
4.6 Server S constructs the server response packet, which contains $n_2'$ and $D_i$, where $D_i$ is the detailed information of the tag stored in the database. At the same time, server S updates the record it stores for tag T as follows: if $x_i$ equals $x_{inew}$, let $x_{iold} = x_{inew}$ and $x_{inew} = PRNG(r_1 \| r_2 \| m_2')$; otherwise $x_{iold}$ remains unchanged and $x_{inew} = PRNG(r_1 \| r_2 \| m_2')$. Finally, server S sends the server response packet to reader R.
Step 5: After receiving the server response packet sent by server S, reader R extracts the detailed information $D_i$ of tag T, then constructs the reader response packet and sends it to tag T. The reader response packet contains only $n_2'$.
Step 6: After receiving the response packet from reader R, tag T checks whether $n_2' = n_2$ holds. If it does not hold, tag T keeps the value of $x$ unchanged and ends the current protocol run. Otherwise tag T has successfully authenticated server S and performs the following update: $x = PRNG(r_1 \| r_2 \| m_2)$.
The beneficial effect of the invention is as follows: because the server uses a two-layer search when retrieving tag information from the database, first filtering the tag information with a simple CRC function and then locating it exactly with the PRNG function, the privacy of RFID tags is effectively protected and the security of RFID authentication is improved.
The present invention is described in detail below with reference to the drawings and embodiments.
Description of drawings
Fig. 1 is the flow chart of the RFID security authentication method based on two-layer search of the present invention.
Fig. 2 is the detailed flow diagram of the RFID security authentication method based on two-layer search of the present invention.
Embodiment
The present invention is described in detail with reference to Figs. 1 and 2.
Explanation of terms.
$N$: the number of tags stored in the server;
$i$: variable whose value is a positive integer ($1 \le i \le N$), indicating the storage position of the tag in the database;
$SID$: the password identifier stored in the tag;
$x$: the shared key stored in the tag;
$SID_i$: the password identifier of the i-th tag stored in the server;
$D_i$: the detailed information of the i-th tag stored in the server;
$x_{inew}$: the current shared key of the i-th tag stored in the server;
$x_{iold}$: the previous shared key of the i-th tag stored in the server;
$x_i$: variable whose value is $x_{inew}$ or $x_{iold}$;
$r_1$: random number;
$r_2$: random number;
$\|$: concatenation operator;
$\oplus$: bitwise exclusive-or (XOR) operator;
$CRC(k)$: cyclic redundancy check function, with argument $k$;
$PRNG(k)$: pseudo-random number generator function, with argument $k$.
(1) Initialization.
Before the authentication process runs, initialization is as follows:
To prevent denial-of-service attacks, the server keeps both the current and the previous value of the shared key $x_i$ in the database. That is, the stored record of each tag in the database is $x_{inew}$, $x_{iold}$, $SID_i$ and $D_i$. Initially the record is set to $x_{inew} = x_{iold} = x_0$, where the random value $x_0$ is produced by the manufacturer and $x_{inew}$ and $x_{iold}$ are the current and previous shared keys of the tag. The record stored in each tag is $x$ and $SID$, which are equal to the record in the database. The reader and the database are treated as a single entity, and the reader does not keep identity information long term, so the reader does not need to store any data in this scheme.
(2) Authentication.
In this embodiment, the protocol proceeds as follows:
Step 1: Reader R generates a random number $r_1$, constructs the reader query packet and sends it to tag T. The reader query packet contains only the random number $r_1$.
Step 2: After receiving the reader query packet sent by reader R, tag T generates a random number $r_2$ and computes $CRC((x \oplus SID) \| r_1 \| r_2)$ and $PRNG(x \| r_1 \| r_2 \| SID)$. Let $m_1$ and $m_2$ be the first half and second half of $CRC((x \oplus SID) \| r_1 \| r_2)$, and let $n_1$ and $n_2$ be the first half and second half of $PRNG(x \| r_1 \| r_2 \| SID)$. Here $x$ is the shared key stored in the tag and $SID$ is the tag's password identifier stored in the tag. Finally, tag T constructs the tag response packet and sends it to reader R. The tag response packet contains the random number $r_2$, $m_1$ and $n_1$.
Step 3: After receiving the tag response packet sent by tag T, reader R constructs the reader request packet and passes it to server S. The reader request packet contains $r_1$, $r_2$, $m_1$ and $n_1$.
Step 4: After receiving the reader request packet sent by reader R, server S performs the following operations:
4.1 Let $i = 1$; go to 4.2.
4.2 Let $x_i = x_{inew}$ and compute $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$. Let $m_1'$ and $m_2'$ be the first half and second half of $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$, and check whether $m_1' = m_1$ holds, where $m_1$ is the value of $m_1$ in the reader request packet. If it holds, go to 4.3; otherwise go to 4.4.
4.3 Compute $PRNG(x_i \| r_1 \| r_2 \| SID_i)$. Let $n_1'$ and $n_2'$ be the first half and second half of $PRNG(x_i \| r_1 \| r_2 \| SID_i)$, and check whether $n_1' = n_1$ holds, where $n_1$ is the value of $n_1$ in the reader request packet. If it holds, go to 4.6; otherwise go to 4.4.
4.4 Let $x_i = x_{iold}$ and compute $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$. Let $m_1'$ and $m_2'$ be the first half and second half of $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$, and check whether $m_1' = m_1$ holds. If it holds, go to 4.5. If it does not hold, let $i = i + 1$ and check whether $i$ is not greater than $N$. If $i$ is not greater than $N$, go to 4.2; otherwise authentication fails and the protocol exits.
4.5 Compute $PRNG(x_i \| r_1 \| r_2 \| SID_i)$. Let $n_1'$ and $n_2'$ be the first half and second half of $PRNG(x_i \| r_1 \| r_2 \| SID_i)$, and check whether $n_1' = n_1$ holds, where $n_1$ is the value of $n_1$ in the reader request packet. If it holds, go to 4.6. Otherwise let $i = i + 1$ and check whether $i$ is not greater than $N$. If $i$ is not greater than $N$, go to 4.2; otherwise authentication fails and the protocol exits.
4.6 Server S constructs the server response packet, which contains $n_2'$ and $D_i$, where $D_i$ is the detailed information of the tag stored in the database. At the same time, server S updates the record it stores for tag T as follows: if $x_i$ equals $x_{inew}$, let $x_{iold} = x_{inew}$ and $x_{inew} = PRNG(r_1 \| r_2 \| m_2')$; otherwise $x_{iold}$ remains unchanged and $x_{inew} = PRNG(r_1 \| r_2 \| m_2')$. Finally, server S sends the server response packet to reader R.
Step 5: After receiving the server response packet sent by server S, reader R extracts the detailed information $D_i$ of tag T, then constructs the reader response packet and sends it to tag T. The reader response packet contains only $n_2'$.
Step 6: After receiving the response packet from reader R, tag T checks whether $n_2' = n_2$ holds. If it does not hold, tag T keeps the value of $x$ unchanged and ends the current protocol run. Otherwise tag T has successfully authenticated server S and performs the following update: $x = PRNG(r_1 \| r_2 \| m_2)$.
With the above authentication protocol, secure authentication between the reader and the tag is achieved, and the reader obtains the detailed information of the legitimate tag.
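The six protocol steps, including the server's two-layer lookup in step 4 and the current/previous key record from the initialization section, as an added example (not code from the patent). The patent does not fix the CRC or PRNG functions or any bit widths: CRC-32 from zlib, a SHA-256-based stand-in for PRNG, 32-bit keys and identifiers, and all function names and sample records are assumptions made here.

```python
import hashlib, secrets, zlib
from dataclasses import dataclass

def b32(v):
    return v.to_bytes(4, "big")

def prng32(data):
    # Stand-in PRNG (assumption): first 32 bits of SHA-256 over the input.
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def crc_halves(x, sid, r1, r2):
    # (m1, m2) = halves of CRC((x XOR SID) || r1 || r2); CRC-32 is an assumption.
    c = zlib.crc32(b32(x ^ sid) + b32(r1) + b32(r2)) & 0xFFFFFFFF
    return c >> 16, c & 0xFFFF

def prng_halves(x, sid, r1, r2):
    # (n1, n2) = halves of PRNG(x || r1 || r2 || SID).
    p = prng32(b32(x) + b32(r1) + b32(r2) + b32(sid))
    return p >> 16, p & 0xFFFF

def next_key(r1, r2, m2):
    # Key update PRNG(r1 || r2 || m2), computed by both tag and server.
    return prng32(b32(r1) + b32(r2) + m2.to_bytes(2, "big"))

class Tag:
    def __init__(self, x, sid):
        self.x, self.sid = x, sid
    def respond(self, r1):  # step 2
        self.r1, self.r2 = r1, secrets.randbits(32)
        m1, self.m2 = crc_halves(self.x, self.sid, r1, self.r2)
        n1, self.n2 = prng_halves(self.x, self.sid, r1, self.r2)
        return self.r2, m1, n1
    def finish(self, n2_prime):  # step 6
        if n2_prime != self.n2:
            return False  # server not authenticated: x stays unchanged
        self.x = next_key(self.r1, self.r2, self.m2)
        return True

@dataclass
class Record:
    x_new: int
    x_old: int
    sid: int
    detail: str

def server_authenticate(db, r1, r2, m1, n1):  # step 4
    for rec in db:
        for x in (rec.x_new, rec.x_old):  # 4.2/4.3, then 4.4/4.5
            m1p, m2p = crc_halves(x, rec.sid, r1, r2)
            if m1p != m1:
                continue  # layer 1: cheap CRC filter
            n1p, n2p = prng_halves(x, rec.sid, r1, r2)
            if n1p != n1:
                continue  # layer 2: PRNG check rejects CRC false positives
            if x == rec.x_new:  # 4.6: matched on current key, rotate it
                rec.x_old = rec.x_new
            rec.x_new = next_key(r1, r2, m2p)
            return n2p, rec.detail
    return None  # no record matched: authentication fails

def run_session(tag, db, deliver_final=True):
    r1 = secrets.randbits(32)  # step 1
    r2, m1, n1 = tag.respond(r1)
    result = server_authenticate(db, r1, r2, m1, n1)  # steps 3-4
    if result is None:
        return None
    n2p, detail = result
    if deliver_final:  # step 5; False models a lost reader response
        tag.finish(n2p)
    return detail

if __name__ == "__main__":
    # Constructed sample database and tag.
    db = [Record(0x11111111, 0x11111111, 0xAAAA0001, "item 1"),
          Record(0x22222222, 0x22222222, 0xAAAA0002, "item 2")]
    tag = Tag(0x22222222, 0xAAAA0002)
    print(run_session(tag, db), tag.x == db[1].x_new)
    print(run_session(tag, db, deliver_final=False), tag.x == db[1].x_old)
    print(run_session(tag, db), tag.x == db[1].x_new)
```

The second session drops the final message, so the tag keeps its key while the server rotates; the third session still succeeds because the server falls back to the previous key in 4.4/4.5.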

Claims (1)

1. An RFID security authentication method based on two-layer search, characterized by comprising the following steps:
Step 1: reader R generates a random number $r_1$, constructs the reader query packet and sends it to tag T; the reader query packet contains only the random number $r_1$;
Step 2: after receiving the reader query packet sent by reader R, tag T generates a random number $r_2$ and computes $CRC((x \oplus SID) \| r_1 \| r_2)$ and $PRNG(x \| r_1 \| r_2 \| SID)$; let $m_1$ and $m_2$ be the first half and second half of $CRC((x \oplus SID) \| r_1 \| r_2)$, and let $n_1$ and $n_2$ be the first half and second half of $PRNG(x \| r_1 \| r_2 \| SID)$; here $x$ is the shared key stored in the tag and $SID$ is the tag's password identifier stored in the tag; finally, tag T constructs the tag response packet and sends it to reader R; the tag response packet contains the random number $r_2$, $m_1$ and $n_1$;
Step 3: after receiving the tag response packet sent by tag T, reader R constructs the reader request packet and passes it to server S; the reader request packet contains $r_1$, $r_2$, $m_1$ and $n_1$;
Step 4: after receiving the reader request packet sent by reader R, server S performs the following operations:
4.1 let $i = 1$; go to 4.2;
4.2 let $x_i = x_{inew}$ and compute $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$; let $m_1'$ and $m_2'$ be the first half and second half of $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$, and check whether $m_1' = m_1$ holds, where $m_1$ is the value of $m_1$ in the reader request packet; if it holds, go to 4.3; otherwise go to 4.4;
4.3 compute $PRNG(x_i \| r_1 \| r_2 \| SID_i)$; let $n_1'$ and $n_2'$ be the first half and second half of $PRNG(x_i \| r_1 \| r_2 \| SID_i)$, and check whether $n_1' = n_1$ holds, where $n_1$ is the value of $n_1$ in the reader request packet; if it holds, go to 4.6; otherwise go to 4.4;
4.4 let $x_i = x_{iold}$ and compute $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$; let $m_1'$ and $m_2'$ be the first half and second half of $CRC((x_i \oplus SID_i) \| r_1 \| r_2)$, and check whether $m_1' = m_1$ holds; if it holds, go to 4.5; if it does not hold, let $i = i + 1$ and check whether $i$ is not greater than $N$; if $i$ is not greater than $N$, go to 4.2; otherwise authentication fails and the protocol exits;
4.5 compute $PRNG(x_i \| r_1 \| r_2 \| SID_i)$; let $n_1'$ and $n_2'$ be the first half and second half of $PRNG(x_i \| r_1 \| r_2 \| SID_i)$, and check whether $n_1' = n_1$ holds, where $n_1$ is the value of $n_1$ in the reader request packet; if it holds, go to 4.6; otherwise let $i = i + 1$ and check whether $i$ is not greater than $N$; if $i$ is not greater than $N$, go to 4.2; otherwise authentication fails and the protocol exits;
4.6 server S constructs the server response packet, which contains $n_2'$ and $D_i$, where $D_i$ is the detailed information of the tag stored in the database; at the same time, server S updates the record it stores for tag T as follows: if $x_i$ equals $x_{inew}$, let $x_{iold} = x_{inew}$ and $x_{inew} = PRNG(r_1 \| r_2 \| m_2')$; otherwise $x_{iold}$ remains unchanged and $x_{inew} = PRNG(r_1 \| r_2 \| m_2')$; finally, server S sends the server response packet to reader R;
Step 5: after receiving the server response packet sent by server S, reader R extracts the detailed information $D_i$ of tag T, then constructs the reader response packet and sends it to tag T; the reader response packet contains only $n_2'$;
Step 6: after receiving the response packet from reader R, tag T checks whether $n_2' = n_2$ holds; if it does not hold, tag T keeps the value of $x$ unchanged and ends the current protocol run; otherwise tag T has successfully authenticated server S and performs the following update: $x = PRNG(r_1 \| r_2 \| m_2)$.
CN201210342777.7A 2012-09-17 2012-09-17 RFID (Radio Frequency Identification) safety certification method based on two-deck searching Expired - Fee Related CN102868534B (en)

Publications (2)

Publication Number | Publication Date
CN102868534A (en) | 2013-01-09
CN102868534B (en) | 2014-11-26


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141126

Termination date: 20150917

EXPY Termination of patent right or utility model